Hacker wins $5,000 for Chrome, Firefox address bar spoofing flaw

A vulnerability in how Chrome and Firefox render website addresses could allow an attacker to trick a user into visiting a spoof website that appears to be legitimate.

Rafay Baloch, a security researcher, won $5,000 in a combined bug bounty for finding the flaw.

In a blog post on Tuesday, he explained that the flaw could be used to trick users into supplying sensitive information to a malicious site, because the website appears to be legitimate in the browser's address box.

This address bar spoofing flaw works because text in languages written right-to-left, such as Arabic, is rendered differently. He explained that a neutral right-to-left character (such as a forward slash) can be used to flip a web address so that it also displays right-to-left.

For example: 127.0.0.1/ا/http://example.com would instead appear in the browser bar as http://example.com/ا/127.0.0.1.

That means anyone clicking on the link, which could be masked in a spam email...(continued)
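
A defensive check for the display flip described above, written as an added example rather than code from the researcher or either browser: it parses a link in logical (stored) order, reports the host it really targets, and flags right-to-left or bidi control characters combined with URL-looking text after that host. The function name audit_url, the default http scheme and the sample inputs are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import quote, urlsplit

RTL_STRONG = {"R", "AL"}  # strong right-to-left bidi classes (Hebrew, Arabic)
BIDI_CONTROLS = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}
SCHEME_RE = r"[A-Za-z][A-Za-z0-9+.-]*://"


def audit_url(raw, assumed_scheme="http"):
    """Report where a link really goes and whether bidi rendering could hide it."""
    # Address bars accept scheme-less input, so add one before parsing (assumption).
    url = raw if re.match(SCHEME_RE, raw) else f"{assumed_scheme}://{raw}"
    parts = urlsplit(url)
    # Everything after the host, in logical (stored) order.
    tail = parts.path
    if parts.query:
        tail += "?" + parts.query
    if parts.fragment:
        tail += "#" + parts.fragment

    classes = [(ch, unicodedata.bidirectional(ch)) for ch in url]
    rtl = [ch for ch, cls in classes if cls in RTL_STRONG]
    controls = [ch for ch, cls in classes if cls in BIDI_CONTROLS]
    # URL-looking text after the real host is what a flipped display shows first.
    embedded = re.findall(SCHEME_RE + r"[^/?#\s]+", tail)

    return {
        "host": parts.hostname or "",
        "rtl_chars": rtl,
        "bidi_controls": controls,
        "embedded_urls": embedded,
        "suspicious": bool(controls) or bool(rtl and embedded),
        # Percent-encoding non-ASCII bytes leaves no right-to-left characters,
        # so display order matches logical order (IDN hosts are not handled here).
        "safe_display": f"{parts.scheme}://{parts.netloc}"
        + quote(tail, safe="/:?#&=%@+,;"),
    }


if __name__ == "__main__":
    # Constructed inputs: the article's example (U+0627 as an escape), then a benign URL.
    for sample in ("127.0.0.1/\u0627/http://example.com",
                   "https://example.com/docs/index.html"):
        print(audit_url(sample))
```

A mail filter or link preview can show safe_display and the parsed host instead of the raw string, so the reader sees the real destination first.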